Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-07-17 17:00:00 +0000

plato gravatar image

To obtain SQL injection attack data using sqlmap, follow these steps:

  1. Identify the vulnerable website: Use vulnerability scanners such as Arachni or Vega to identify vulnerable websites that can be exploited using SQL injection.

  2. Identify the injection point: Use a browser proxy like Burp Suite or ZAP to intercept and analyze the website's HTTP traffic to identify the injection point.

  3. Use sqlmap to exploit the vulnerability: Once the injection point is identified, use sqlmap to exploit the vulnerability and extract data from the database. Use the following command to start the sqlmap scan: 

sqlmap -u "https://example.com/index.php?id=1" -p "id" --dbs

This command tells sqlmap to scan the URL "https://example.com/index.php?id=1" where "id" is the injection parameter. The --dbs option tells sqlmap to enumerate all the databases available in the target server.

  1. Extract data from the database: Once the databases are enumerated, use sqlmap to extract data from the databases. For example, the following command extracts all the tables in the target database:
sqlmap -u "https://example.com/index.php?id=1" -p "id" -D dbname --tables

The --tables option tells sqlmap to enumerate all the tables in the database. Similar commands can be used to extract columns and data from the tables.

Overall, sqlmap is a powerful tool that can be used to extract sensitive data from vulnerable websites. However, it must be used ethically and with the consent of the website owner.


Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact